I have a Portal site set up and a custom application configured as a shared application in portal. When the user clicks on the application it redirects the user to the application and then the application redirects the user to portal to log in. If the user logs in again everything works fine.
I would like to avoid making the user log back in though since they just logged into portal. I've actually made this all work by reading the esri_auth cookie, but this requires that the custom application be hosted on the portal machine, which I can't really force on clients.
One possible solution that I was not able to complete was to find a way to make the esri_auth cookie's Domain NOT include the machine name and simply be a .domain.com instead of portal.domain.com. I feel like this should be possible since if you look at the esri_auth token provided by arcgisonline you will see that it is just .arcgis.com instead of map.company.arcgis.com. If I can get this to work I have no problems with telling a client that portal and the application need to be on the same domain.
However, I feel like that is a bit hacky and should not be necessary. Am I missing something with the redirect to enable it to pick up the fact that the user had already logged in? The call to /portal/sharing/rest/oauth2/authorize?response_type=code&client_id=..&redirect_url=.. has the esri_auth cookie, so it should know that the user is already authenticated.
Any help would be appreciated.
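The cookie scoping this question turns on, as an added example that is not part of the original post: a sketch of RFC 6265 domain matching showing which hosts receive a cookie whose Domain is `portal.domain.com` versus `.domain.com`. The hostnames `app.domain.com` and `other.domain.com` are constructed, the function names are hypothetical, and public-suffix checks are not modeled.

```javascript
// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // IP addresses never suffix-match; only host names do.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// RFC 6265 section 5.3: how a user agent stores a Set-Cookie from `setterHost`.
// Returns null when the cookie is rejected.
function storeCookie(setterHost, name, domainAttr) {
  if (domainAttr) {
    const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
    if (!domainMatch(setterHost, domain)) return null; // cannot set for a foreign domain
    return { name, domain, hostOnly: false };
  }
  // No Domain attribute: host-only cookie, exact host match required.
  return { name, domain: setterHost.toLowerCase(), hostOnly: true };
}

// Would the browser attach `cookie` to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Every host in `hosts` that receives the cookie (its exposure surface).
function recipients(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

// Constructed hostnames for illustration.
const hosts = ["portal.domain.com", "app.domain.com", "other.domain.com"];
const narrow = storeCookie("portal.domain.com", "esri_auth", "portal.domain.com");
const wide = storeCookie("portal.domain.com", "esri_auth", ".domain.com");

console.log("Domain=portal.domain.com ->", recipients(narrow, hosts));
console.log("Domain=.domain.com       ->", recipients(wide, hosts));
```

Widening the Domain to the parent makes the cookie reach every host under `domain.com`, not only the custom application, so each of those hosts becomes able to read the token.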